next-devtools-mcp
MCP
Next.js development tools MCP server with stdio transport
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ~ | Complex zod schemas may need manual translation to the OpenAI function format; SSE transport is not implemented, only stdio is available |
| LangChain | ✓ | Global state management (browser connections, init tracking) may conflict with LangChain's stateless execution model |
Security findings
Arbitrary command execution in browser-eval-manager.ts
The `installPlaywrightMCP()` function runs `npm install -g @playwright/mcp@latest` via `execAsync` without validation. The command itself is fixed, but `startBrowserEvalMCP()` accepts user-controlled options (browser, headless) that are passed as arguments to `npx @playwright/mcp@latest`. The `options?.browser` value could be abused if it is not validated, though current usage appears limited to specific browser types.
Potential command injection via child_process.spawn in index.ts
A line in index.ts uses `spawn()` to launch external processes. The server spawns a telemetry flusher process with user-aggregated data passed as command-line arguments. The data is JSON-stringified, but no explicit validation prevents special characters in tool names from reaching shell commands.
Unvalidated file path operations in resource-loader.ts
The `loadKnowledgeResources()` and `loadNumberedMarkdownFilesWithNames()` functions call `resolveResourcePath('')` and `readResourceFile(file)` without path traversal validation. These appear to be internal resources, but if resource path resolution is ever driven by user input elsewhere, it could allow directory traversal.
Telemetry data sent to external endpoint without user consent verification
File system operations with insufficient error handling expose internal paths
Unvalidated project_path input in prompt handlers
Environment variables passed to child processes without sanitization
Reliability
| Metric | Value |
|---|---|
| Success rate | 72% |
| Calls made | 100 |
| Avg latency | 850ms |
| P95 latency | 2500ms |
Failure modes
- Tool initialization requires external dependencies (playwright-mcp, Next.js projects) that may not be installed or configured, causing setup failures
- Browser automation tools depend on network requests and external process spawning without comprehensive timeout handling, so calls can hang indefinitely
- Missing parameter validation in several tool handlers: malformed inputs may cause unhandled exceptions rather than structured errors
- File system operations (reading package.json, markdown files) lack comprehensive error handling for missing files, permission errors, or malformed content
- MCP client connections can fail silently or with opaque errors; there is no retry logic or graceful degradation for connection failures
- The telemetry system fails silently, but it could still affect tool execution if its file system operations block or fail
- Process spawning (exec, spawn) lacks proper error boundaries, so child process failures may propagate as unstructured errors
- Unicode and special character handling in file paths and content is not explicitly validated
- Concurrent request handling is not addressed; global state management could cause race conditions
- No input sanitization for shell commands, giving potential security and stability issues with special characters in paths
Code health
| Property | Value |
|---|---|
| License | MIT |
| Has tests | No |
| Has CI | No |
| Dependencies | 15 |
Active Next.js MCP server with good documentation and TypeScript. Published to npm (v0.3.10). Has a comprehensive README, prompts, and resources. Includes telemetry tracking with opt-out via NEXT_TELEMETRY_DISABLED. Main gaps: no test files, no CI config, no changelog, and maintenance activity cannot be verified from the provided snapshot. Dependencies are modern (@modelcontextprotocol/sdk, zod). Code is well-structured with internal modules and resource loading. The missing automated testing and CI/CD setup reduce confidence in reliability.